Enhanced aud check for aud array

AuthentiqID · Apr 6, 2017 · d16ae7c · d16ae7c
1 parent eb5cdf2
commit d16ae7c
Show file tree

Hide file tree

Showing 4 changed files with 52 additions and 15 deletions.
diff --git a/src/Provider/Authentiq.php b/src/Provider/Authentiq.php
@@ -1,4 +1,11 @@
 <?php
+/**
+ * Created by alexkeramidas for Authentiq B.V.
+ * Authentiq
+ * User: alexkeramidas
+ * Date: 14/3/2017
+ * Time: 8:28 μμ
+ */
 
 namespace Authentiq\OAuth2\Client\Provider;
 

diff --git a/src/Provider/AuthentiqResourceOwner.php b/src/Provider/AuthentiqResourceOwner.php
@@ -1,7 +1,7 @@
 <?php
 /**
- * Created by PhpStorm.
- * User: alex
+ * Created by alexkeramidas for Authentiq B.V.
+ * User: alexkeramidas
  * Date: 14/3/2017
  * Time: 8:28 μμ
  */

diff --git a/src/Token/AccessToken.php b/src/Token/AccessToken.php
@@ -1,5 +1,6 @@
 <?php
 /**
+ * Created by alexkeramidas for Authentiq B.V.
  * Authentiq Access Token
  * User: alexkeramidas
  * Date: 14/3/2017
@@ -60,7 +61,11 @@ public function __construct(array $options = [], $provider, $clientSecret)
          * If the nbf, iat, exp in conjunction with the leeway are defined and valid.
          */
 
-        if ($provider->getClientId() != $idTokenClaims['aud']) {
+        if (is_array($idTokenClaims['aud'])) {
+            if (strpos(implode(" ", $idTokenClaims['aud']), $provider->getClientId()) === false) {
+                throw new RuntimeException('Invalid audience');
+            }
+        } else if ($provider->getClientId() != $idTokenClaims['aud']) {
             throw new RuntimeException('Invalid audience');
         }
 

diff --git a/tests/AuthentiqTest.php → tests/src/Provider/AuthentiqTest.php b/tests/AuthentiqTest.php → tests/src/Provider/AuthentiqTest.php
@@ -1,25 +1,50 @@
 <?php
+/**
+ * Created by alexkeramidas for Authentiq B.V.
+ * Authentiq Test
+ * User: alexkeramidas
+ * Date: 6/4/2017
+ * Time: 12:00 μμ
+ */
 namespace Authentiq\OAuth2\Client\Test\Provider;
 
-use Authentiq\OAuth2\Client\Provider\Authentiq as OauthProvider;
+use Authentiq\OAuth2\Client\Provider\Authentiq;
+use Mockery as m;
+use PHPUnit\Framework\TestCase;
 
-class AuthentiqTest extends \PHPUnit_Framework_TestCase
+class AuthentiqTest extends TestCase
 {
-    protected $config = [
-        'account'      => 'mock_account',
-        'clientId'     => 'mock_client_id',
-        'clientSecret' => 'mock_secret',
-        'redirectUri'  => 'none',
-    ];
+    protected $provider;
+
+    protected function setUp(){
+        $this->provider = new Authentiq([
+            'domain'                  => 'https://example.com',
+            'clientId'                => 'mock_client_id',
+            'clientSecret'            => 'mock_secret',
+            'redirectUri'             => 'none',
+            'scope' => 'aq:name address aq:location aq:push email phone'
+        ]);
+    }
+
+    public function tearDown()
+    {
+        m::close();
+        parent::tearDown();
+    }
+
 
     public function testGetAuthorizationUrl()
     {
-        $provider = new OauthProvider($this->config);
-        $url = $provider->urlAuthorize();
+        $url = $this->provider->getBaseAuthorizationUrl();
         $uri = parse_url($url);
 
-        $this->assertEquals($this->config['account'] . '.authentiq.com', $uri['host']);
-        $this->assertEquals('/authorize', $uri['path']);
+        $this->assertArrayHasKey('client_id', $query);
+        $this->assertArrayHasKey('redirect_uri', $query);
+        $this->assertArrayHasKey('state', $query);
+        $this->assertArrayHasKey('scope', $query);
+        $this->assertArrayHasKey('response_type', $query);
+        $this->assertArrayHasKey('approval_prompt', $query);
+        $this->assertNotNull($this->provider->getState());
     }
 
     public function testGetAuthorizationUrlWhenAccountIsNotSpecifiedShouldThrowException()